Re: [DNSOP] Passive DNS - Common Output Format (draft-dulaunoy-kaplan-passive-dns-cof-01)

Sebastian Castro <sebastian@nzrs.net.nz> Thu, 27 February 2014 20:25 UTC

Archived-At: http://mailarchive.ietf.org/arch/msg/dnsop/2aANxz8qkJe4X9ZjCQdSgr_n8VU

On 16/01/14 08:25, Paul Vixie wrote:
> speaking for the authors of the draft below, i request adoption by
> dnsop. --vixie
> 

Hi Paul and the rest of the authors.

> https://datatracker.ietf.org/doc/draft-dulaunoy-kaplan-passive-dns-cof/
> 
> Internet Engineering Task Force                              A. Dulaunoy
> Internet-Draft                                                     CIRCL
> Intended status: Informational                                 A. Kaplan
> Expires: July 11, 2014                                           CERT.at
>                                                                 P. Vixie
>                                                                 H. Stern
>                                                  Farsight Security, Inc.
>                                                          January 7, 2014
> 
>                    Passive DNS - Common Output Format
>                 draft-dulaunoy-kaplan-passive-dns-cof-01
> 
> Abstract
> 
>    This document describes a common output format of Passive DNS Servers
>    which clients can query.  The output format description includes also
>    in addition a common semantic for each Passive DNS system.  By having
>    multiple Passive DNS Systems adhere to the same output format for
>    queries, users of multiple Passive DNS servers will be able to
>    combine result sets easily.
> 

I've read the 02 draft and I have a couple of comments:

- In section 3.3, it reads:
   rdata MAY be an array as defined in JSON [RFC4627].
   Implementors of this draft MUST be able to deal with rdata being
   returned as JSON array or alternatively as a JSON string.

Thinking as a developer, it could be annoying to have to test if rdata
is a string or an array. Given JSON arrays can be empty, wouldn't it be
better to express it always as an array?

- In section 3.4.1 count
   Specifies how many authoritative DNS answers were received at the
   Passive DNS Server's collectors with exactly the given set of values
   as answers (i.e. same data in the answer set - compare with the
   uniqueness property in "Mandatory Fields").  The number of requests
   is expressed as a decimal value.

If your collector is sitting in front of a recursor that uses an
upstream recursor (forwarder), the number of answers you are going to
see won't be the same as the number of authoritative answers. Given
this, should count be an object like

   { 'total': integer,
     'auth': integer }

or be expressed in different fields?


Finally, is there a reason why TTLs are being omitted from the collection
and responses?


Cheers,


-- 
Sebastian Castro
Technical Research Manager
.nz Registry Services (New Zealand Domain Name Registry Limited)
desk: +64 4 495 2337
mobile: +64 21 400535
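
Added example, not part of the original message or of the draft: a client-side sketch in Python of the string-or-array `rdata` check quoted from section 3.3, used while combining result sets from two servers. The field names `rrname` and `rrtype` come from the COF draft rather than from this message; the sample records, the server names and the choice to sum `count` across servers are assumptions made for illustration.

```python
import json
from collections import defaultdict

# Constructed sample output from two hypothetical passive DNS servers, one
# JSON object per line. Server A sends single-valued rdata as a string,
# server B always sends an array; both forms are allowed by section 3.3.
SERVER_A = """\
{"rrname": "www.example.org", "rrtype": "A", "rdata": "192.0.2.10", "count": 12}
{"rrname": "example.org", "rrtype": "NS", "rdata": ["ns2.example.org", "ns1.example.org"], "count": 3}
"""
SERVER_B = """\
{"rrname": "www.example.org.", "rrtype": "a", "rdata": ["192.0.2.10"], "count": 5}
{"rrname": "example.org", "rrtype": "NS", "rdata": ["ns1.example.org", "ns2.example.org"], "count": 4}
{"rrname": "empty.example.org", "rrtype": "TXT", "rdata": [], "count": 1}
"""

def normalize_rdata(value):
    """Return rdata as a list of strings, whichever JSON form was sent."""
    if isinstance(value, str):
        return [value]
    if isinstance(value, list) and all(isinstance(v, str) for v in value):
        return list(value)
    raise ValueError(f"rdata must be a string or an array of strings: {value!r}")

def parse_records(text):
    """Yield (key, count) per record; key is (rrname, rrtype, answer set)."""
    for line in filter(str.strip, text.splitlines()):
        rec = json.loads(line)
        count = rec.get("count", 0)  # treated as optional here (assumption)
        if isinstance(count, bool) or not isinstance(count, int) or count < 0:
            raise ValueError(f"count must be a non-negative integer: {count!r}")
        key = (rec["rrname"].rstrip(".").lower(), rec["rrtype"].upper(),
               frozenset(normalize_rdata(rec["rdata"])))
        yield key, count

def merge(*texts):
    """Sum count over servers for records with exactly the same answer set."""
    totals = defaultdict(int)
    for text in texts:
        for key, count in parse_records(text):
            totals[key] += count
    return dict(totals)

MERGED = merge(SERVER_A, SERVER_B)
```

Without the normalization step the two `www.example.org` records would land under different keys, because one carries a string and the other a one-element array.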